-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathConditionalBypass.ql
More file actions
28 lines (26 loc) · 970 Bytes
/
ConditionalBypass.ql
File metadata and controls
28 lines (26 loc) · 970 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
/**
* @name User-controlled bypass of sensitive method
* @description User-controlled bypassing of sensitive methods may allow attackers to avoid
* passing through authentication systems.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @precision medium
* @id java/user-controlled-bypass
* @tags security
* external/cwe/cwe-807
* external/cwe/cwe-290
*/
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.security.ConditionalBypassQuery
import ConditionalBypassFlow::PathGraph
from
ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, MethodCall m, Expr e
where
conditionControlsMethod(m, e) and
sink.getNode().asExpr() = e and
ConditionalBypassFlow::flowPath(source, sink)
select m, source, sink,
"Sensitive method may not be executed depending on a $@, which flows from $@.", e,
"this condition", source.getNode(), "user-controlled value"